projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dfda62d) | patch
package/oniguruma: fix CVE-2020-26159
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 15 Oct 2020 17:02:53 +0000 (19:02 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 15 Oct 2020 20:29:25 +0000 (22:29 +0200)
commit5dbebf3d35095e26463bbb0fddebf906454a685c
treefb10f639f5cc9f10d79021b56cb958eebe3c4244tree
parentdfda62d326d9fe77dc46429a398824b3405d042ecommit | diff
package/oniguruma: fix CVE-2020-26159

Fix CVE-2020-26159: In Oniguruma 6.9.5_rev1, an attacker able to supply
a regular expression for compilation may be able to overflow a buffer by
one byte in concat_opt_exact_str in src/regcomp.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/oniguruma/0001-207-Out-of-bounds-write.patch [new file with mode: 0644] blob
package/oniguruma/oniguruma.mk diff | blob | history